Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Thycotic Cloud Automation Tool Bundle Is Multi-Layered Privilege Security


Written by Barbara Hoffman

March 9th, 2021

The explosion of Cloud IT has made privileged access management impossible without automation tools.

Critical technical service accounts run through AWS, Azure, and Google Cloud Platform. DevOps teams connect and build cloud applications using CI/CD toolchains. Business users are adopting SaaS tools at a rapid clip—the average enterprise has hundreds of web-based SaaS tools that connect to privileged user accounts. 

IT and security teams simply can’t keep up with the constantly changing cloud attack surface. They can’t protect cloud privileged accounts the same way they’ve been managing on premise.

More than 77% of all cloud breaches involve compromised credentials

That’s one reason 80% of organizations operating in the cloud experience at least one compromised account each month, reports MacAfee. In fact, more than 77% of all cloud breaches involve compromised credentials, according to the latest Verizon Data Breach Report.

Solving the Cloud Automation Challenge

Thycotic’s flagship Secret Server has long been the hub for cloud PAM management. With Secret Server, you can discover privileged accounts in the cloud, vault cloud credentials, delegate cloud access, and manage sessions for cloud-based infrastructure, applications, and services.

Continuous AWS account discovery and Google Cloud discovery identifies accounts used on those resources. Once you know which accounts are used, you can secure them with Secret Server controls such as secret creation and key rotation.

In addition, Thycotic offers three additional PAM tools designed for the cloud that tightly integrated into Secret Server for seamless automation.

1. Thycotic DevOps Secrets Vault

The combination of Secret Server and DevOps Secrets Vault (DSV) eliminates friction in your DevOps workflow with high-speed secrets management. You can provide newly created machines and applications just-in-time access with ephemeral secrets that automatically expire. Any would-be attacker is limited in what they can do and has a limited window to do it.

DSV supports dynamic secret creation for MySQL, PostgreSQL, and Oracle, as well as cloud platforms, such as AWS, Azure, and GCP. It integrates into your CI/CD workflow, with support for Jenkins, Kubernetes, Terraform, Ansible, and Chef, and programming languages Java, Go, Python, Ruby, and .NET. Secrets, SSH keys, and file replication are automatically synchronized between DSV and Secret Server for close coordination between the two solutions.

2. Thycotic Connection Manager

The combination of Secret Server and Connection Manager saves IT teams time by automatically injecting privileged credentials directly into a remote session. IT teams never need to enter or even see passwords. This eliminates the possibility of leaving sensitive information in system memory and opening the door to Pass-the-Hash attacks.

When IT needs to resolve a service request, such as setting up cloud applications and containers or helping users, they don’t waste time figuring out how to connect to different services and platforms or navigate connection protocols. They can launch and manage remote sessions for both RDP and SSH in a unified environment and quickly switch between active sessions from a single screen.

3. Thycotic Privileged Behavior Analytics

The combination of Secret Server and Privileged Behavior Analytics (PBA) prevents privileged account abuse. PBA’s advanced machine learning detects anomalies in privileged account behavior and automatically takes action in Secret Server before a cyber threat becomes a cyber catastrophe. When risk scores pass acceptable thresholds, Secret Server can immediately rotate passwords, require additional authentication, or increase session monitoring.

Introducing the Cloud Automation Bundle 

To support enterprises in the quest to secure cloud-based privileged accounts, we’ve put together a bundle of automated PAM tools in a single, integrated package. You can jumpstart your cloud privilege security strategy by getting everything you need in one place.

The Cloud Automation Bundle centers on Thycotic’s award-winning solution, Secret Server, as the hub for cloud PAM management and rolls in DevOps Secrets Vault, Connection Manager and Privileged Behavior Aalytics for a powerful cloud automation solution.

Bundle Only Available Until June 30

The Cloud Automation Bundle is a limited-time offer, available until June 30, 2021.

Talk with Thycotic about replacing time-consuming, error-prone manual privilege access management with policy-based automation designed for the cloud.

Even with multiple business and technical functions utilizing different types of cloud resources, you can have a consolidated view of privileged access across your organization and manage those privileges according to consistent policies.

For more information or to get a quote, please visit

PAM in the Cloud

PAM in the Cloud. Powerful. Secure.

Try the only feature-complete, enterprise-class CLOUD PAM solution in the world.


Like this post?

Get our top blog posts delivered to your inbox once a month.